SurfProtect Quantum+ Privacy Policy

Purpose, Scope and Users

The Privacy Policy statement applies to information which is collected from use of SurfProtect Quantum Plus, to be stylised as SurfProtect Quantum+, it does not apply to any sites accessed as a result of using SurfProtect Quantum+.

We have a legal duty to protect any personal information we collect and take appropriate measures to do so. We maintain secure systems to prevent unauthorised access, use, alteration and destruction of personal data.

All information is handled lawfully in accordance with the Data Protection Act 2018 (as amended from time to time).

SurfProtect is a content filtering solution for businesses and schools allowing the fulfilment of safeguarding requirements.

The SurfProtect Quantum+ service provides a content filtering solution, which allows for the identifying and filtering of web-requests. A number of ways can be used to identify a user making these requests, login through the Captive portal using either:

• Google Sign-in or;

• Microsoft Sign-in or;

• Active Directory users synchronised from an Active Directory server

Your Personal Information

Exa Networks are committed to protecting the privacy of our users, clients and customers.

Personal information shared with Exa Networks through the use of SurfProtect Quantum+ will be treated in confidence and only used for the purposes for which it was provided. Exa Networks will not sell or rent your personally identifiable information to anyone. If we change our Privacy Policy, we will post any changes on this website so that you are always aware of how we use your information.

All your personal Information shall be held and used in accordance with the General Data Protection Regulation. If you want to know what information we collect and hold about you, please email us at dpo@exa.net.uk or by writing to the Data Protection Officer, Exa Networks, 100 Bolton Road, Bradford, BD1 4DE 

What Information Do We Collect?

The information we collect includes the personal information you provide to us when signing into the SurfProtect Quantum+:

• When signing in via Active Directory, this is the user’s username and password

• When signing via Google, this is the user’s name and email address

How Do We Use Your Information?

The information which you provide to Exa Networks will be used within the company for the administration of any of Exa Networks’ related products and services of which you avail. Data may also be used for statistical analyses and Exa Networks may share information with law enforcement bodies/ fraud prevention agencies for the purpose of preventing or detecting fraud. We may share your data with trusted third parties who process data on our behalf in line with this privacy policy.

SurfProtect Quantum+ offers the ability to sign in using third party authentication through Google, Microsoft and Active Directory services. When using these services we will retrieve user information such as email addresses, usernames and the user’s first name and surname. We only use this information for the purpose of authentication and content filtering.

Google User Data 

Access

When a user logs into SurfProtect Quantum+ via sign in with Google, the Google Identity Service provides us with the user’s email address, first name, last name and, where applicable, the hosted domain they are a member of.

Use

The data provided by google is used for authentication and identification purposes. The hosted domain data is used to assign a user to a school. The user’s first name, last name and username is used to assign the user to filtering policies and to produce audit logs to present what searches the user has made. This information may also be used for statistical analyses.

Storage

Google user data is stored on Exa Networks’ servers in secure UK Data Centres and is stored in line with customer contractual requirements for data retention.

Sharing 

User data is shared via content filtering logs which include usernames and search history, these are shared with personnel preauthorised by the customer, and authorised staff at Exa Networks. The logs are accessible using a secure authenticated panel which can only be accessed with an authorised username and password.

Your Rights

Under GDPR, individuals now have increased rights in regard to their personal data. Please see below an outline of your rights and if you wish to contact us to discuss or amend the data we hold, please contact us DPO@exa.net.uk

• Right to be Informed

• Right of Access

• Right to Rectification

• Right to Erasure

• Right to Restrict Processing

• Right to Data Portability

• Right to Object

• The Right not to be Subject to Automated Decision-Making Including Profiling

Data Breach

If Exa Networks were to experience a data breach they would:

• Within 72 hours upon realising a breach had occurred and where feasible, report certain types of personal data breach to the relevant supervisory authorities. 

• If the breach is likely to result in a high risk of adversely affecting our customer’s individual rights and freedoms, we will also inform those individuals without undue delay.

Validity and Document Management

The owner of this document is the Information Governance Team (information.governance@exa.net.uk) who must check and, if necessary, update the document at least once a year.